mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

1207 Commits

Author SHA1 Message Date
Andreas Schneider
e5ef368fb6 lib:ldb:tests: Fix signedness build error
lib/ldb/tests/ldb_filter_attrs_in_place_test.c:836:55: error: pointer
targets in passing argument 1 of ‘_assert_string_equal’ differ in
signedness [-Werror=pointer-sign]
  836 |         assert_string_equal(msg->elements[0].values[0].data,
      |                                                       ^
      |                                                       |
      |                                                       uint8_t * {aka unsigned char *}

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Joseph Sutton
d2bbb47a7c ldb: Use correct member of union
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
449c2e99e2 CVE-2023-0614 ldb: Filter on search base before redacting message
Redaction may be expensive if we end up needing to fetch a security
descriptor to verify rights to an attribute. Checking the search scope
is probably cheaper, so do that first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
9f31e4139c CVE-2023-0614 ldb: Centralise checking for inaccessible matches
This makes it less likely that we forget to handle a case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
d5d0e71279 CVE-2023-0614 ldb: Prevent disclosure of confidential attributes
Add a hook, acl_redact_msg_for_filter(), in the aclread module, that
marks inaccessible any message elements used by an LDAP search filter
that the user has no right to access. Make the various ldb_match_*()
functions check whether message elements are accessible, and refuse to
match any that are not. Remaining message elements, not mentioned in the
search filter, are checked in aclread_callback(), and any inaccessible
elements are removed at this point.

Certain attributes, namely objectClass, distinguishedName, name, and
objectGUID, are always present, and hence the presence of said
attributes is always allowed to be checked in a search filter. This
corresponds with the behaviour of Windows.

Further, we unconditionally allow the attributes isDeleted and
isRecycled in a check for presence or equality. Windows is not known to
make this special exception, but it seems mostly harmless, and should
mitigate the performance impact on searches made by the show_deleted
module.

As a result of all these changes, our behaviour regarding confidential
attributes happens to match Windows more closely. For the test in
confidential_attr.py, we can now model our attribute handling with
DC_MODE_RETURN_ALL, which corresponds to the behaviour exhibited by
Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
fdeb6ea15c CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
fffea59001 CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place()
Change all uses of ldb_kv_filter_attrs() to use
ldb_filter_attrs_in_place() instead. This function does less work than
its predecessor, and no longer requires the allocation of a second ldb
message. Some of the work is able to be split out into separate
functions that each accomplish a single task, with a purpose to make the
code clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
f25b1756aa CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place
ldb_filter_attrs() previously did too much. Now its replacement,
ldb_filter_attrs_in_place(), only does the actual filtering, while
taking ownership of each element's values is handled in a separate
function, ldb_msg_elements_take_ownership().

Also, ldb_filter_attrs_in_place() no longer adds the distinguishedName
to the message if it is missing. That is handled in another function,
ldb_msg_add_distinguished_name().

As we're now modifying the original message rather than copying it into
a new one, we no longer need the filtered_msg parameter.

We adapt a test, based on ldb_filter_attrs_test, to exercise the new
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
131d417604 CVE-2023-0614 ldb: Add function to filter message in place
At present this function is an exact duplicate of ldb_filter_attrs(),
but in the next commit we shall modify it to work in place, without the
need for the allocation of a second message.

The test is a near duplicate of the existing test for
ldb_filter_attrs().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
784a342785 CVE-2023-0614 ldb: Add function to add distinguishedName to message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
721493f4bd CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
b18ed9ae97 CVE-2023-0614 ldb: Add function to take ownership of an ldb message
Many places in Samba depend upon various components of an ldb message
being talloc allocated, and hence able to be used as talloc contexts.
The elements and values of an unpacked ldb message point to unowned data
inside the memory-mapped database, and this function ensures that such
messages have talloc ownership of said elements and values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
294a4f6e28 CVE-2023-0614 ldb:tests: Ensure all tests are accounted for
Add ldb_filter_attrs_test to the list of tests so that it actually gets
run.

Remove a duplicate ldb_msg_test that was accidentally added in commit
5ca90e758a.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
1debb6584e CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated
If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.

To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
ca9c467e41 CVE-2023-0614 ldb: Add functions for handling inaccessible message elements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Andreas Schneider
925b026a23 lib:ldb:tests: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr  4 08:30:28 UTC 2023 on atb-devel-224
2023-04-04 08:30:28 +00:00
Andreas Schneider
a8c571e983 lib:ldb:nssldb: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
73d04200bc lib:ldb:ldb_sqlite3: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
4eac2614b3 lib:ldb:ldb_map: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
594d6ef444 lib:ldb:ldb_key_value: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
f75adc4871 lib:ldb:include: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
fc28daa6c7 lib:ldb:common: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Joseph Sutton
f41f988038 ldb: Add ldb_val -> bool,uint64,int64 parsing functions
These functions allow us to parse any value of a message element, not
only the first. They also unambiguously indicate whether an error has
occurred.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-31 08:29:32 +00:00
Joseph Sutton
570a3ac866 ldb: Split out ldb_val_as_dn() helper function
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-31 08:29:32 +00:00
Volker Lendecke
f448a1649c pyldb: Fix a copy&paste error, CID 1524512 DEADCODE
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 30 08:08:32 UTC 2023 on atb-devel-224
2023-03-30 08:08:32 +00:00
Stefan Metzmacher
167f023586 lib/ldb: add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Stefan Metzmacher
7055ec0a0b lib/ldb: add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Stefan Metzmacher
e24e7b9633 lib/ldb: re-order code in ldb_ldif_to_pyobject()
We don't allow MODRDN and DELETE for now as they
don't work as is anyway. We'll add these in the next steps.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Stefan Metzmacher
cc5df80152 lib/ldb: let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
This is needed in order to process schema updates.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Joseph Sutton
211d19a04c ldb: Don't create error string if there is no error
We should only do this in the LDB_ERR_NO_SUCH_ATTRIBUTE case.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 18:40:31 +00:00
Andreas Schneider
795bab5629 lib:ldb: Correctly cast pointers for assert_string_equal()
This is a change in cmocka to avoid hiding possible errors.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 15 07:53:54 UTC 2023 on atb-devel-224
2023-03-15 07:53:54 +00:00
Andrew Bartlett
cad96f59a0 lib/ldb: Avoid allocation and memcpy() for every wildcard match candidate
The value can be quite large, the allocation will take much
longer than the actual match and is repeated per candidate
record.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-03-14 06:16:30 +00:00
Joseph Sutton
d5f053711b ldb: Make ldb_msg_remove_attr O(n)
Previously it was O(n²).

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-08 04:39:32 +00:00
Joseph Sutton
474674ac7d lib:pyldb: Throw error on invalid controls
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Joseph Sutton
207a212948 lib:ldb: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Andreas Schneider
8441c03ccf lib:ldb: Print a debug message in case we have a corrupted MDB
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 15 09:05:56 UTC 2023 on atb-devel-224
2023-02-15 09:05:56 +00:00
Andreas Schneider
240c031e7f lib:ldb: Add the location to ldb_kv_parse_data_unpack() debug output
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-02-15 08:12:35 +00:00
Douglas Bagnall
38d0147f6a ldb/pyldb: remove py2 ifdefs
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Stefan Metzmacher
84f56f2b98 ldb: change the version to 2.8.0 for Samba 4.19
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 18 17:25:51 UTC 2023 on atb-devel-224
2023-01-18 17:25:51 +00:00
Stefan Metzmacher
f972b1ea06 ldb: version 2.7.0
* Support python 3.12
* Have python functions operating on DNs raise LdbError
* don't call comparison() directly in LDB_TYPESAFE_QSORT
* Use ldb_ascii_toupper() for case folding to support
  tr_TR.UTF-8 and other dotless i locales,
  see https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
2023-01-18 16:26:36 +00:00
Andreas Schneider
0c931fb301 waf: Run python tests also with tr_TR locale
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 23 14:17:31 UTC 2022 on sn-devel-184
2022-12-23 14:17:31 +00:00
Andreas Schneider
24275cd800 lib:ldb: Use ldb_ascii_toupper() for case folding
For example there are at least two locales (tr_TR and az_AZ) in glibc
having dotless i transformation different from Latin scripts and GUID
versus Guid comparison would be different there (attribute name would
not match in the test).

See also
https://en.wikipedia.org/wiki/Dotted_and_dotless_I
https://lists.samba.org/archive/samba-technical/2019-December/134659.html

This fixes: LC_ALL=tr_TR.UTF-8 make test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
a8f6fa03ef lib:ldb: Add ldb_ascii_toupper()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
78ca66a1a5 lib:ldb: Remove trailing white spaces in ldb_private.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
c8e3873e7e lib:ldb: Fix trailing whitespaces in common/ldb_utf8.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
14751e91a5 lib:ldb: Fix trailing whitespaces in common/attrib_handlers.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Volker Lendecke
300ad4ff12 lib: Save intermediate NULL checks with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
cbcf7f0d21 lib: Use talloc_asprintf_addbuf() in rdn_name_add()
Add implicit NULL checks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
ffba59b5c0 lib: Use talloc_asprintf_addbuf() in ldb_module_call_chain()
This was exactly what talloc_asprintf_addbuf() does.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
7870e82cb4 lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Joseph Sutton
19895c9389 ldb: don't call comparison() directly in LDB_TYPESAFE_QSORT
The result is not used, it is only part of the macro to gain
type-checking.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Joseph Sutton
352064979b pyldb: Fix tests going unused
These tests are redeclared later and so are never used. Give them new
names so that they will be run again.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
a68428a951 pyldb: Have functions operating on DNs raise LdbError
The return codes of these functions are not often checked. Throwing an
exception ensures we won't continue blindly on if DN manipulation fails.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Douglas Bagnall
53f6dbe03f ldb: ldb_build_search_req() check for a talloc failure
The failure in question would have to be a `talloc_strdup(dn, "")` in
ldb_dn_from_ldb_val().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-16 05:46:35 +00:00
Volker Lendecke
47e2df56f6 ldb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-07 18:40:28 +00:00
Volker Lendecke
9aca11a71a ldb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-07 18:40:28 +00:00
Jule Anger
751b2b853b ldb: change the version to 2.7.0 for Samba 4.18
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Aug  8 15:51:44 UTC 2022 on sn-devel-184
2022-08-08 15:51:44 +00:00
Andrew Bartlett
f4eb4e6478 CVE-2022-32746 ldb: Release LDB 2.6.1
* CVE-2022-32746 Use-after-free occurring in database audit logging module (bug 15009)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2022-07-27 10:52:36 +00:00
Joseph Sutton
0a3aa5f908 CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
df487eb2d7 CVE-2022-32746 ldb: Add functions for appending to an ldb_message
Currently, there are many places where we use ldb_msg_add_empty() to add
an empty element to a message, and then call ldb_msg_add_value() or
similar to add values to that element. However, this performs an
unnecessary search of the message's elements to locate the new element.
Moreover, if an element with the same attribute name already exists
earlier in the message, the values will be added to that element,
instead of to the intended newly added element.

A similar pattern exists where we add values to a message, and then call
ldb_msg_find_element() to locate that message element and set its flags
to (e.g.) LDB_FLAG_MOD_REPLACE. This also performs an unnecessary
search, and may locate the wrong message element for setting the flags.

To avoid these problems, add functions for appending a value to a
message, so that a particular value can be added to the end of a message
in a single operation.

For ADD requests, it is important that no two message elements share the
same attribute name, otherwise things will break. (Normally,
ldb_msg_normalize() is called before processing the request to help
ensure this.) Thus, we must be careful not to append an attribute to an
ADD message, unless we are sure (e.g. through ldb_msg_find_element())
that an existing element for that attribute is not present.

These functions will be used in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
a2bb5beee8 CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message
Using the newly added ldb flag, we can now detect when a message has
been shallow-copied so that its elements share their values with the
original message elements. Then when adding values to the copied
message, we now make a copy of the shared values array first.

This should prevent a use-after-free that occurred in LDB modules when
new values were added to a shallow copy of a message by calling
talloc_realloc() on the original values array, invalidating the 'values'
pointer in the original message element. The original values pointer can
later be used in the database audit logging module which logs database
requests, and potentially cause a crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
7efe8182c1 CVE-2022-32746 ldb: Add flag to mark message element values as shared
When making a shallow copy of an ldb message, mark the message elements
of the copy as sharing their values with the message elements in the
original message.

This flag value will be heeded in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
41b1fe6d4a CVE-2022-32746 ldb:rdn_name: Use LDB_FLAG_MOD_TYPE() for flags equality check
Now unrelated flags will no longer affect the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Volker Lendecke
894a1c1936 ldb: Introduce "colon" variable in ldb_module_connect_backend()
Easier debugging, avoid a second call to strchr()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-26 21:41:29 +00:00
Volker Lendecke
41a9d958a6 ldb: Save a few lines with TALLOC_FREE()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-26 21:41:29 +00:00
Volker Lendecke
ef846e660a ldb: Avoid "==true/false" in a boolean expression
That's what we have boolean variables and expressions for

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-26 21:41:29 +00:00
Stefan Metzmacher
22c46d9f41 configure/Makefile: export PYTHONHASHSEED=1 in all 'configure/Makefile' scripts
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-29 22:32:32 +00:00
Andreas Schneider
9b0273faa7 lib:ldb: Reformat shell scripts
shfmt -f lib/ldb/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-02-24 09:15:34 +00:00
Stefan Metzmacher
d844bc6cbd ldb: bump version to 2.6.0 for Samba 4.17.x releases
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Jan 24 12:15:09 UTC 2022 on sn-devel-184
2022-01-24 12:15:09 +00:00
Andrew Bartlett
1d5b155619 CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing
The LDB filter processing is where the time is spent in the LDB stack
but the timeout event will not get run while this is ongoing, so we
must confirm we have not yet timed out manually.

RN: Ensure that the LDB request has not timed out during filter processing
as the LDAP server MaxQueryDuration is otherwise not honoured.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-11-25 01:41:30 +00:00
Andrew Bartlett
a19016e002 Release ldb 2.50 for the future samba 4.16 series
This avoids master having an older or identical LDB version
to Samba 4.15.x while it gains additional changes that may
not all be backported.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct  5 19:57:51 UTC 2021 on sn-devel-184
2021-10-05 19:57:51 +00:00
Andrew Bartlett
76899e2361 Release ldb 2.4.1
* Corrected python behaviour for 'in' for LDAP attributes
  contained as part of ldb.Message (bug 14845)
* Fix memory handling in ldb.msg_diff (bug 14836)
* Corrected python docstrings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-05 19:05:31 +00:00
Joseph Sutton
860d8902a9 pyldb: Make ldb.Message containment testing consistent with indexing
Previously, containment testing using the 'in' operator was handled by
performing an equality comparison between the chosen object and each of
the message's keys in turn. This behaviour was prone to errors due to
not considering differences in case between otherwise equal elements, as
the indexing operations do.

Containment testing should now be more consistent with the indexing
operations and with the get() method of ldb.Message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-28 09:44:35 +00:00
Joseph Sutton
865fe23859 pyldb: Add tests for ldb.Message containment testing
These tests verify that the 'in' operator on ldb.Message is consistent
with indexing and the get() method. This means that the 'dn' element
should always be present, lookups should be case-insensitive, and use of
an invalid type should result in a TypeError.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-28 09:44:35 +00:00
Joseph Sutton
22353767ca pyldb: Raise TypeError for an invalid ldb.Message index
Previously, a TypeError was raised and subsequently overridden by a
KeyError.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-28 09:44:35 +00:00
Joseph Sutton
b018e51d27 pyldb: Add test for an invalid ldb.Message index type
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-28 09:44:35 +00:00
Joseph Sutton
9d25a21d60 pyldb: Fix deleting an ldb.Control critical flag
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-28 09:44:35 +00:00
Joseph Sutton
d7af772de8 pyldb: Fix deleting an ldb.Message dn
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-28 09:44:35 +00:00
Joseph Sutton
19a2af02f5 pyldb: Avoid use-after-free in msg_diff()
Make a deep copy of the message elements in msg_diff() so that if either
of the input messages are deallocated early, the result does not refer
to non-existing elements.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 07:59:31 +00:00
Joseph Sutton
c2bbe774ce ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 07:59:31 +00:00
Joseph Sutton
02b1873033 Fix Python docstrings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep  4 00:55:32 UTC 2021 on sn-devel-184
2021-09-04 00:55:32 +00:00
Stefan Metzmacher
12bc55ff7a ldb: version 2.4 will be used for Samba 4.15
- Improve calculate_popt_array_length()
- Use C99 initializers for builtin_popt_options[]
- pyldb: Fix Message.items() for a message containing elements
- pyldb: Add test for Message.items()
- tests: Use ldbsearch '--scope' instead of '-s'
- pyldb: fix a typo
- Change page size of guidindexpackv1.ldb
- Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
- attrib_handler casefold: simplify space dropping
- fix ldb_comparison_fold off-by-one overrun
- CVE-2020-27840: pytests: move Dn.validate test to ldb
- CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
- CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
- CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
- improve comments for ldb_module_connect_backend()
- test/ldb_tdb: correct introductory comments
- ldb.h: remove undefined async_ctx function signatures
- correct comments in attrib_handlers val_to_int64
- dn tests use cmocka print functions
- ldb_match: remove redundant check
- add tests for ldb_wildcard_compare
- ldb_match: trailing chunk must match end of string
- pyldb: catch potential overflow error in py_timestring
- ldb: remove some 'if PY3's in tests
- Add missing break in switch statement

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2021-07-14 21:06:36 +00:00
Andreas Schneider
c2c7c1f50a lib:ldb-samba: Improve calculate_popt_array_length()
Note that memcmp() doesn't work well with padding bytes. So avoid it!

(gdb) ptype/o struct poptOption
/* offset    |  size */  type = struct poptOption {
/*    0      |     8 */    const char *longName;
/*    8      |     1 */    char shortName;
/* XXX  3-byte hole  */
/*   12      |     4 */    unsigned int argInfo;
/*   16      |     8 */    void *arg;
/*   24      |     4 */    int val;
/* XXX  4-byte hole  */
/*   32      |     8 */    const char *descrip;
/*   40      |     8 */    const char *argDescrip;

                           /* total size (bytes):   48 */

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-16 00:34:38 +00:00
Andreas Schneider
a593065c7f lib:ldb: Use C99 initializers for builtin_popt_options[]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-16 00:34:38 +00:00
Joseph Sutton
3e4ec0a90a pyldb: Fix Message.items() for a message containing elements
Previously, message elements were being freed before the call to
Py_BuildValue(), resulting in an exception being raised. Additionally,
only the first element of the returned list was ever assigned to.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-11 07:41:38 +00:00
Joseph Sutton
79a898e2b7 pyldb: Add test for Message.items()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-11 07:41:38 +00:00
Andreas Schneider
fca9c56836 tests: Use ldbsearch '--scope' instead of '-s'
We should use long options in tests to make clear what we are trying to
do.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28 03:43:34 +00:00
Björn Baumbach
6fcde09f09 pyldb: fix a typo
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Rowland Penny <rpenny@samba.org>
2021-04-26 12:32:35 +00:00
Andreas Schneider
17294c6bb7 lib:ldb: Change page size of guidindexpackv1.ldb
As this is a TDB file, the file has been backed up using tdbbackup to
get a different page size. This fixes running the repack.py test on
aarch64.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 23 08:26:00 UTC 2021 on sn-devel-184
2021-04-23 08:26:00 +00:00
Gary Lockyer
84cf5c15f9 lib:ldb: Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-04-23 07:35:32 +00:00
Douglas Bagnall
24ddc1ca9c ldb/attrib_handler casefold: simplify space dropping
As seen in CVE-2021-20277, ldb_handler_fold() has been making mistakes
when collapsing spaces down to a single space.

This patch fixes the way it handles internal spaces (CVE-2021-20277
was about leading spaces), and involves a rewrite of the parsing loop.

The bug has a detailed description of the problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14656

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  7 03:16:39 UTC 2021 on sn-devel-184
2021-04-07 03:16:39 +00:00
Douglas Bagnall
2b2f4f5194 ldb: fix ldb_comparison_fold off-by-one overrun
We run one character over in comparing all the bytes in two ldb_vals.

In almost all circumstances both ldb_vals would have an allocated '\0'
in the overrun position, but it is best not to rely on that.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-07 02:17:34 +00:00
Stefan Metzmacher
293ab5f20c ldb: bump version to 2.4.0, in order to be used for Samba 4.15
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 24 13:11:52 UTC 2021 on sn-devel-184
2021-03-24 13:11:52 +00:00
Douglas Bagnall
9532c44bae CVE-2020-27840: pytests: move Dn.validate test to ldb
We had the test in the Samba Python segfault suite because
a) the signal catching infrastructure was there, and
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
   assert the failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-24 12:05:32 +00:00
Douglas Bagnall
dbb3e65f7e CVE-2020-27840 ldb_dn: avoid heap corruption in ldb_dn_explode
A DN string with lots of trailing space can cause ldb_dn_explode() to
put a zero byte in the wrong place in the heap.

When a DN string has a value represented with trailing spaces,
like this

     "CN=foo   ,DC=bar"

the whitespace is supposed to be ignored. We keep track of this in the
`t` pointer, which is NULL when we are not walking through trailing
spaces, and points to the first space when we are. We are walking with
the `p` pointer, writing the value to `d`, and keeping the length in
`l`.

     "CN=foo   ,DC= "       ==>       "foo   "
            ^  ^                             ^
            t  p                             d
                                       --l---

The value is finished when we encounter a comma or the end of the
string. If `t` is not NULL at that point, we assume there are trailing
spaces and wind `d` and `l` back by the correct amount. Then we switch
to expecting an attribute name (e.g. "CN"), until we get to an "=",
which puts us back into looking for a value.

Unfortunately, we forget to immediately tell `t` that we'd finished
the last value, and we can end up like this:

     "CN=foo   ,DC= "       ==>        ""
            ^      ^                    ^
            t      p                    d
                                        l=0

where `p` is pointing to a new value that contains only spaces, while
`t` is still referring to the old value. `p` notices the value ends,
and we subtract `p - t` from `d`:

     "CN=foo   ,DC= "       ==>  ?     ""
            ^       ^            ^
            t       p            d
                                      l ~= SIZE_MAX - 8

At that point `d` wants to terminate its string with a '\0', but
instead it terminates someone else's byte. This does not crash if the
number of trailing spaces is small, as `d` will point into a previous
value (a copy of "foo" in this example). Corrupting that value will
ultimately not matter, as we will soon try to allocate a buffer `l`
long, which will be greater than the available memory and the whole
operation will fail properly.

However, with more spaces, `d` will point into memory before the
beginning of the allocated buffer, with the exact offset depending on
the length of the earlier attributes and the number of spaces.

What about a longer DN with more attributes? For example,
"CN=foo     ,DC= ,DC=example,DC=com" -- since `d` has moved out of
bounds, won't we continue to use it and write more DN values into
mystery memory? Fortunately not, because the aforementioned allocation
of `l` bytes must happen first, and `l` is now huge. The allocation
happens in a talloc_memdup(), which is by default restricted to
allocating 256MB.

So this allows a person who controls a string parsed by ldb_dn_explode
to corrupt heap memory by placing a single zero byte at a chosen
offset before the allocated buffer.

An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker does
not need proper credentials. The attacker can easily cause a denial of
service and we cannot rule out more subtle attacks.

The immediate solution is to reset `t` to NULL when a comma is
encountered, indicating that we are no longer looking at trailing
whitespace.

Found with the help of Honggfuzz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-24 12:05:32 +00:00
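
The pointer bookkeeping described in the commit message above, as an added example (not part of the commit and not Samba's code). It is a simplified model: `t`, `p`, `d` and `l` are kept as signed offsets, stores outside the buffer are recorded rather than performed, and `model_explode()`, `make_dn()` and `reset_t_on_comma` are names assumed here.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MODEL_BUF 256

/* Where the final terminator landed, as offsets relative to the buffer start. */
struct explode_trace {
	long terminator_off; /* offset `d` of the last '\0' store */
	long value_len;      /* `l` of the last value, signed so underflow is visible */
	bool before_buffer;  /* terminator_off < 0: the store belongs to other memory */
};

/* Store only when the offset is inside the model buffer; never write outside. */
static void put(char *buf, long off, char c)
{
	if (off >= 0 && off < MODEL_BUF) {
		buf[off] = c;
	}
}

/* Build "CN=foo<spaces>,DC= " (constructed sample input). */
static void make_dn(char *out, size_t cap, int spaces)
{
	snprintf(out, cap, "CN=foo%*s,DC= ", spaces, "");
}

/*
 * Walk a DN, copying names and values into one buffer and trimming
 * trailing spaces from each value. reset_t_on_comma selects the fix.
 */
static struct explode_trace model_explode(const char *dn, bool reset_t_on_comma)
{
	struct explode_trace tr = { 0, 0, false };
	char buf[MODEL_BUF] = { 0 };
	long n = (long)strlen(dn);
	long p, d = 0, l = 0;
	long t = -1; /* -1 plays the role of NULL */
	bool in_value = false, trim = false;

	if (n >= MODEL_BUF) {
		return tr; /* the model only handles short inputs */
	}
	for (p = 0; p < n; p++) {
		char c = dn[p];

		if (!in_value) {
			/* attribute name: copy until '=', then expect a value */
			put(buf, d++, (c == '=') ? '\0' : c);
			if (c == '=') {
				in_value = true;
				trim = true;
			}
			continue;
		}
		if (trim) {
			if (c == ' ') {
				continue; /* leading spaces never touch t */
			}
			trim = false;
		}
		if (c == ',') {
			if (t != -1) { /* wind back over trailing spaces */
				d -= p - t;
				l -= p - t;
			}
			if (reset_t_on_comma) {
				t = -1; /* the fix: this value is finished */
			}
			put(buf, d++, '\0');
			l = 0;
			in_value = false;
			continue;
		}
		if (c == ' ') {
			if (t == -1) {
				t = p; /* first space of a possible trailing run */
			}
		} else {
			t = -1;
		}
		put(buf, d++, c);
		l++;
	}
	if (in_value) { /* end of string closes the last value */
		if (t != -1) {
			d -= n - t; /* a stale t makes this far too large */
			l -= n - t;
		}
		tr.terminator_off = d;
		tr.value_len = l;
		tr.before_buffer = (d < 0);
		put(buf, d, '\0');
	}
	return tr;
}

int main(void)
{
	char dn[128];
	int spaces[] = { 3, 20 };

	for (int i = 0; i < 2; i++) {
		make_dn(dn, sizeof(dn), spaces[i]);
		struct explode_trace bad = model_explode(dn, false);
		struct explode_trace good = model_explode(dn, true);
		printf("%2d spaces: stale t -> d=%ld l=%ld | reset t -> d=%ld l=%ld\n",
		       spaces[i], bad.terminator_off, bad.value_len,
		       good.terminator_off, good.value_len);
	}
	return 0;
}
```

With three spaces the stale `t` lands the terminator inside earlier data; with twenty it lands before the buffer, while the reset keeps `d` and `l` correct in both cases.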
Douglas Bagnall
1fe8c790b2 CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
For a string that had N spaces at the beginning, we would
try to move N bytes beyond the end of the string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-24 12:05:32 +00:00
Douglas Bagnall
ea4bd2c437 CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-24 12:05:32 +00:00
Douglas Bagnall
48068a58df ldb: improve comments for ldb_module_connect_backend()
There is no flags argument.
There are more URI forms.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-17 05:57:34 +00:00
Douglas Bagnall
80a8d2f1a4 ldb/test/ldb_tdb: correct introductory comments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-17 05:57:34 +00:00
Douglas Bagnall
1a05b58eda ldb.h: remove undefined async_ctx function signatures
These functions do not exist.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-17 05:57:34 +00:00
Douglas Bagnall
46e6f6ef84 ldb: correct comments in attrib_handlers val_to_int64
c.f. the identical static function in lib/ldb-samba/ldif_handlers.c

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-11 21:42:43 +00:00
Douglas Bagnall
bb17b4e1bb ldb: dn tests use cmocka print functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 10 09:51:25 UTC 2021 on sn-devel-184
2021-03-10 09:51:25 +00:00
Douglas Bagnall
fa93339978 ldb_match: remove redundant check
We already ensure the no-trailing-asterisk case ends at the end of the
string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-10 08:42:33 +00:00
Douglas Bagnall
33a95a1e75 ldb: add tests for ldb_wildcard_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-10 08:42:33 +00:00
Douglas Bagnall
cc098f1cad ldb_match: trailing chunk must match end of string
A wildcard search is divided into chunks by the asterisks. While most
chunks match the first suitable string, the last chunk matches the
last possible string (unless there is a trailing asterisk, in which
case this distinction is moot).

We always knew this in our hearts, but we tried to do it in a funny
complicated way that stepped through the string, comparing here and
there, leading to CVE-2019-3824 and missed matches (bug 14044).

With this patch, we just jump to the end of the string and compare it.
As well as being correct, this should also improve performance, as the
previous algorithm involved a quadratic loop of erroneous memmem()s.

See https://tools.ietf.org/html/rfc4517

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-10 08:42:33 +00:00
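
The matching rule described in the commit message above, as an added example (not part of the commit and not Samba's code). `wildcard_match()`, `struct chunk` and the `anchor_last_at_end` switch are names assumed here; with the switch off, the last chunk is matched at its first occurrence, a naive strategy shown only for contrast.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One literal piece of a substring filter; length-delimited like an ldb_val. */
struct chunk {
	const char *s;
	size_t len;
};
#define CHUNK(lit) { (lit), sizeof(lit) - 1 }

/* Offset of the first occurrence of needle in hay, or -1 if absent. */
static long find_first(const char *hay, size_t hay_len,
		       const char *needle, size_t needle_len)
{
	size_t i;

	for (i = 0; i + needle_len <= hay_len; i++) {
		if (memcmp(hay + i, needle, needle_len) == 0) {
			return (long)i;
		}
	}
	return -1;
}

/*
 * Match val against chunks separated by asterisks. Needs at least one
 * chunk; leading_star/trailing_star say whether the filter starts or
 * ends with an asterisk.
 */
static bool wildcard_match(const char *val, size_t val_len,
			   const struct chunk *chunks, size_t n_chunks,
			   bool leading_star, bool trailing_star,
			   bool anchor_last_at_end)
{
	size_t pos = 0; /* bytes of val already consumed by earlier chunks */
	size_t i;

	if (n_chunks == 0) {
		return false;
	}
	for (i = 0; i < n_chunks; i++) {
		const struct chunk *c = &chunks[i];
		bool first = (i == 0);
		bool last = (i == n_chunks - 1);
		long off;

		if (c->len > val_len - pos) {
			return false; /* chunk cannot fit in what is left */
		}
		if (last && !trailing_star && anchor_last_at_end) {
			/* jump to the end of the string and compare it */
			size_t end_off = val_len - c->len;

			if (first && !leading_star && end_off != 0) {
				return false; /* no asterisk at all: exact match */
			}
			return memcmp(val + end_off, c->s, c->len) == 0;
		}
		if (first && !leading_star) {
			/* initial chunk is anchored at the start */
			if (memcmp(val, c->s, c->len) != 0) {
				return false;
			}
			pos = c->len;
			continue;
		}
		/* middle chunks take the first suitable position */
		off = find_first(val + pos, val_len - pos, c->s, c->len);
		if (off < 0) {
			return false;
		}
		pos += (size_t)off + c->len;
	}
	return trailing_star || pos == val_len;
}

/* Constructed sample: the filter "x*bc" against a NUL-terminated value. */
static bool match_x_star_bc(const char *val, bool anchor_last_at_end)
{
	static const struct chunk f[] = { CHUNK("x"), CHUNK("bc") };

	return wildcard_match(val, strlen(val), f, 2, false, false,
			      anchor_last_at_end);
}

int main(void)
{
	printf("x*bc vs xbcbc, last chunk anchored at end: %d\n",
	       match_x_star_bc("xbcbc", true));
	printf("x*bc vs xbcbc, last chunk at first match:  %d\n",
	       match_x_star_bc("xbcbc", false));
	return 0;
}
```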
Stefan Metzmacher
71e8b24b8a pyldb: catch potential overflow error in py_timestring
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-01 03:50:35 +00:00
Douglas Bagnall
e49a0b444a ldb: remove some 'if PY3's in tests
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Mon Feb 22 15:50:55 UTC 2021 on sn-devel-184
2021-02-22 15:50:55 +00:00
Andreas Schneider
1ffacac547 lib:ldb: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-01 21:50:32 +00:00
Volker Lendecke
b6a57c49c0 ldb: Use hex_byte() in ldb_binary_decode()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-08 20:31:33 +00:00
Björn Jacke
c305ab0770 ldb_parse_test: studio compiler doesn't like empty struct definitions
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-10 06:53:43 +00:00
Björn Jacke
918317124a ldb_key_value_test: studio compiler doesn't like empty struct definitions
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-10 06:53:43 +00:00
Björn Jacke
c862ad64ae ldb_kv_index: fix empty initializer compile warning
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-10 06:53:43 +00:00
Matthew DeVore
232054c09b lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.

Add the missing elements to lib/util/safe_string.h and remove the other
safe_string.h which is in the source3-specific path. To accommodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
2020-08-28 02:18:40 +00:00
Mathieu Parent
9d935795ea Fix FTBFS / Increase the over-estimation for sparse files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14418
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 25 04:23:19 UTC 2020 on sn-devel-184
2020-08-25 04:23:19 +00:00
Douglas Bagnall
2aace18f17 ldb_controls: control_to_string avoids crash
Otherwise a malformed control with unexpected NULL data will segfault
ldb_control_to_string(), though this is not very likely to affect
anyone in practice as converting controls to strings is rarely
necessary. If it happens at all in Samba it is in Python code.

Found by Honggfuzz using fuzz_ldb_parse_control.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 29 04:43:23 UTC 2020 on sn-devel-184
2020-07-29 04:43:23 +00:00
Volker Lendecke
9f3d2ba7ee ldb_ldap: Fix a memleak
Don't allocate a temporary value on a long-term context

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
2020-07-02 10:38:34 +00:00
Gary Lockyer
d8b9bb274b CVE-2020-10730: lib ldb: Check if ldb_lock_backend_callback called twice
Prevent use after free issues if ldb_lock_backend_callback is called
twice, usually due to ldb_module_done being called twice. This can happen if a
module ignores the return value from a function that calls
ldb_module_done as part of its error handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-07-02 09:01:41 +00:00
Alexander Bokovoy
990a0fc4a0 ldb_ldap: fix off-by-one increment in lldb_add_msg_attr
Fix regression introduced by commit ce2bf5c72b

lldb_add_msg_attr() calls ldb_msg_add_empty() which, in turn, calls
_ldb_msg_add_el() which already increments msg->num_elements by one.

As a result, msg->num_elements is bigger than the actual number of
elements and any iteration over elements would step over elements array
boundary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 08:35:33 UTC 2020 on sn-devel-184
2020-06-19 08:35:33 +00:00
Alexander Bokovoy
36bd6edd8a lib/ldb: add unit test for ldb_ldap internal code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-06-19 07:16:37 +00:00
Volker Lendecke
1cb17b5472 ldb: Avoid a cast (unsigned long long) in ldbmodify.c
We have %zu for size_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-15 17:59:39 +00:00
Douglas Bagnall
e73c89f155 ldb commandline: don't crash if a received control contains no data
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-13 05:25:31 +00:00
Douglas Bagnall
def6b65c42 ldb/controls: avoid stealing our own stuff
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-13 05:25:31 +00:00
Douglas Bagnall
3fb21ed12e ldb/mod/paged_searches: cope with NULL control data
We won't get NULL data over ldap, but it can be set via 'local_oid:'.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-13 05:25:31 +00:00
Björn Jacke
a4041ee6ca ldb: also use portable __has_attribute macro to check for attribute support
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Gary Lockyer
a699256f43 lib ldb: Limit depth of ldb_parse_tree
Limit the number of nested conditionals allowed by ldb_parse tree to
128, to avoid potential stack overflow issues.

Credit Oss-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19508

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Sun May 10 23:21:08 UTC 2020 on sn-devel-184
2020-05-10 23:21:08 +00:00
Gary Lockyer
8c17b6f82f Fix clang 9 format-nonliteral warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Gary Lockyer
13a2f70a4d Fix clang 9 missing-field-initializer warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Gary Lockyer
9df4d6ab49 Fix clang 9 parentheses-equality warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Andrew Bartlett
c309e6b2a7 CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ module
We want to keep going down the module stack, and not start from the top again.

ASQ is above the ACL modules, but below paged_results and we do not wish to
re-trigger that work.

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-05-04 08:19:41 +00:00
Gary Lockyer
d1f4002b91 lib ldb: lmdb init var before calling mdb_reader_check
Initialise "stale" to zero before passing a pointer to it to
mdb_reader_check.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr  7 12:29:00 UTC 2020 on sn-devel-184
2020-04-07 12:29:00 +00:00
Gary Lockyer
89041a6d18 lib ldb: lmdb clear stale readers on write txn start
In use process failures and Bind9 shut downs leave stale entries in the
lmdb reader table.  This can result in lmdb filling its database file, as
the free list can not be reclaimed due to the stale reader.

In this fix we call mdb_reader_check at the start of each transaction,
to free any stale readers.  As the default maximum number of readers is
127, this should not impact on performance to any great extent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14330

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 31 01:26:07 UTC 2020 on sn-devel-184
2020-03-31 01:26:07 +00:00
Volker Lendecke
130502af0b ldb: Use ARRAY_DEL_ELEMENT() in ldb_dn_set_extended_component()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-03-26 14:43:32 +00:00
Volker Lendecke
f2a4eecbb3 ldb: Use ARRAY_DEL_ELEMENT() in ldb_dn_extended_filter()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-03-26 14:43:32 +00:00
Volker Lendecke
61a28bceef ldb: Use ARRAY_DEL_ELEMENT() in ldb_kv_index_del_value()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-03-26 14:43:32 +00:00
Volker Lendecke
d45174a060 ldb: Use ARRAY_DEL_ELEMENT() in ldb_kv_msg_delete_element()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-03-26 14:43:31 +00:00
Andrew Bartlett
5c1867ba45 py3: Remove #define PyInt_FromLong PyLong_FromLong
This allows us to end the use of Python 2/3 compatibility macros.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power
2020-03-23 19:12:43 +00:00
Gary Lockyer
83ff052777 ldb build: Remove some PEP8 warnings from wscript
Fix indentation of list members and fix lines > 79 characters to remove
PEP8 warnings.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-22 04:39:36 +00:00
Gary Lockyer
fc13304d15 ldb tests: Confirm lmdb free list handling
Add cmocka tests to confirm lmdb's handling of the free list.

As a result of lmdb's MVCC (Multiversion Concurrency Control) long
running read transactions or stale readers (read transactions where the
process exited without ending the transaction) can cause the database to
run out of space.

Items in the free list are only reused when they would not be visible in
a read transaction.  So long running read transactions prevent entries
in the free list being reused, and the database can run out of space.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-22 04:39:36 +00:00
Andrew Bartlett
b8aa05525e ldb: ensure that ldbedit operates like ldbmodify: set DONT_CREATE_DB
ldb* tools, when passed a raw filename assume tdb://

By default, ldb_tdb will call tdb with O_CREAT.

TDB, when passed O_CREAT and a not-tdb file, will wipe the file.

This means that if you run ldbedit <path to mdb-format-ldb file> the file
will be wiped, which is unexpected.  I noticed this while trying to
corrupt a sam.ldb backend file (for testing), but instead I wiped it!

Ideally tdb would not do that, but the behaviour has been this way for
decades.  Ideally ldb would have had a "create db" command, but this
has been the job of ldbadd for over a decade.

So this just blunts the knife for ldbedit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14302

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-03-02 02:47:30 +00:00
Andrew Bartlett
535debb312 ldb: Add mem_ctx argument to ldb_kv_index_key()
This avoids using "ldb" as the memory context in most cases, and may avoid
a long-term memory leak if future changes cause dn_key not to be freed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-02-28 03:08:46 +00:00
Andrew Bartlett
48cfb8458b ldb: Improve coding style in ldb_kv_index_dn_simple()
We avoid bare if conditions in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-02-28 03:08:46 +00:00
Andrew Bartlett
0a87f59ac2 ldb: Fix memory leak in ldb_kv_index_dn_ordered()
We need to ensure we TALLOC_FREE(tmp_ctx) in every error exit.

Reported by Alex Kolesnik, ABISoft Ltd., www.abisoft.biz.  Thanks!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-02-28 03:08:45 +00:00
Stefan Metzmacher
340cd2b816 ldb: change the version to 2.2.0 for Samba 4.13
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 26 23:11:39 UTC 2020 on sn-devel-184
2020-02-26 23:11:39 +00:00
Stefan Metzmacher
0ca46a3726 ldb: version 2.1.1
* Bug 14270:
  Samba 4.11 and later give incorrect results for SCOPE_ONE searches

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Feb 25 12:59:02 UTC 2020 on sn-devel-184
2020-02-25 12:59:02 +00:00
Andrew Bartlett
0b8ab02008 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-02-25 10:38:34 +00:00
Andrew Bartlett
3c7261c43d ldb: Fix search with scope ONE and small result sets
This changes the LDB behaviour in the combination of a SCOPE_ONE search and
an index returning less than 10 results.

After b6b5b5fe35 the list->strict flag
became set to false in all cases, rather than being left to the
value set by the caller.

This changes the ldb_kv_index_dn_one() code to force strict
mode on success instead.

Thanks to Marcus Granér, ICEYE Oy for reporting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-02-25 10:38:34 +00:00
Andrew Bartlett
ec34a70957 ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-02-25 10:38:34 +00:00
Andrew Bartlett
167676973b ldb: Add tests aimed at the SCOPE_ONELEVEL particular
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-02-25 10:38:34 +00:00
Andrew Bartlett
17bd63dbea ldb: Add tests for one-level indexes in conjunction with other indexes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-02-25 10:38:34 +00:00
Gary Lockyer
79460b1b9f lib ldb common: Fix memory leak
TALLOC_FREE the ldb_control allocated in ldb_parse_control_from_string
when none of the cases match.

Credit to OSS-Fuzz

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-01-15 19:58:41 +00:00
Douglas Bagnall
16ca385013 ldb controls: fix typo in bypassoperational message
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-01-12 19:50:37 +00:00
Fabrice Fontaine
f8799bf076 lib/ldb/tests: include stdint.h before cmocka.h
This fixes the following build failures:

[2466/3864] Linking bin/default/lib/ldb/ldbmodify
In file included from /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/include/stdint.h:9:0,
                 from ../../lib/tevent/tevent.h:31,
                 from ../../lib/ldb/include/ldb.h:51,
                 from ../../lib/ldb/tests/test_ldb_dn.c:25:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for 'uintptr_t'
 typedef unsigned long int uintptr_t;
                           ^
In file included from ../../lib/ldb/tests/test_ldb_dn.c:23:0:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/cmocka.h:132:28: note: previous declaration of 'uintptr_t' was here
       typedef unsigned int uintptr_t;
                            ^

In file included from /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/include/stdint.h:9:0,
                 from ../../lib/tevent/tevent.h:31,
                 from ../../lib/ldb/tests/ldb_key_value_test.c:48:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for 'uintptr_t'
 typedef unsigned long int uintptr_t;
                           ^
In file included from ../../lib/ldb/tests/ldb_key_value_test.c:43:0:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/cmocka.h:132:28: note: previous declaration of 'uintptr_t' was here
       typedef unsigned int uintptr_t;
                            ^

Fixes:
 - http://autobuild.buildroot.org/results/9507739b3d5d51024ee9c60b74c2f85d5004e7e2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14218

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-18 15:32:40 +00:00
Gary Lockyer
4d9753dfbd lib ldb: fix use after free
Fix ASAN detected use after free.  No security implications as the
talloc_free is followed immediately by the print statement and the value
printed is an integer

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-18 06:39:26 +00:00
Andreas Schneider
e79e943824 ldb:tests: Add missing null check for ldb_kv_private
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec  6 11:13:24 UTC 2019 on sn-devel-184
2019-12-06 11:13:24 +00:00
Andreas Schneider
9323b5c500 ldb:tests: Add missing size check for tdb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
2019-12-06 09:12:26 +00:00
Andreas Schneider
e464e40c97 ldb:tests: Use assert_in_range() in test_get_size()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
2019-12-06 09:12:26 +00:00
Andreas Schneider
9a1072ddb6 ldb: Avoid a possible NULL pointer dereference
Found by cppcheck.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
2019-12-06 09:12:26 +00:00
Andreas Schneider
ea1c62f3c7 ldb:tests: Allow test filtering in ldb_mod_op_test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec  5 17:13:36 UTC 2019 on sn-devel-184
2019-12-05 17:13:36 +00:00
Andreas Schneider
520bb70dfd ldb:tests: Avoid that the debug function overwrites memory
We are setting ldb_debug_string() as the ldb debug function. The context
we give it is only valid as long as we're in that function.

On failure, we jump to the teardown function. The pointer for
debug_string isn't valid anymore, but the ldb debug system still points
to that address, and when we store the location of the allocated string,
we overwrite memory, in that case something from talloc and a
talloc_free() then jumps into the nirvana.

Thanks to Florian Weimer who helped debugging this.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2019-12-05 15:35:37 +00:00
Andrew Bartlett
10058bcfa1 ldb: Extend the ldb_dn_explode test matrix
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-27 04:44:41 +00:00
Andrew Bartlett
a8a3cef3a7 ldb: Do not read beyond the end of the extended DN component when printing
The print functions used in Samba NULL terminate, but do not assume they will

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-27 04:44:41 +00:00
Andrew Bartlett
52bd2dde5a ldb: Add test with == true or false to boolean if statements in ldb_dn_explode()
This is beyond the normal level of clarity we expect in Samba, and is of course
redundant, but this is a complex routine that has confusing tests, some of
pointers and some of boolean state values.

This tries to make the code as clear as possible pending a more comprehensive
rewrite.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-27 04:44:41 +00:00
Andrew Bartlett
3f290e95c2 ldb: Rework all pointer NULL tests to use Samba's normal style
Also avoid if () without braces

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-27 04:44:41 +00:00
Douglas Bagnall
a097ddf65c ldb: add some dn explode tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-27 04:44:40 +00:00
Douglas Bagnall
54f30f2fe3 ldb: don't try to save a value that isn't there
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-27 04:44:40 +00:00
Andrew Bartlett
1521a22f43 ldb: Call TALLOC_FREE(filtered_msg->elements) on ldb_filter_attrs() failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 27 01:16:33 UTC 2019 on sn-devel-184
2019-08-27 01:16:33 +00:00
Andrew Bartlett
2117789c35 ldb: use TALLOC_FREE() over talloc_free() in ldb_filter_attrs()
This is a macro that sets the pointer to NULL after the talloc_free()
and is part of our standard coding practices.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-26 23:59:36 +00:00
Andrew Bartlett
b1eec5b196 ldb: Correct Pigeonhole principle validation in ldb_filter_attrs()
Thankfully this only fails if the DB is corrupt and has a duplicate record.

The test was at the wrong end of the loop, and was for the
wrong boundary condition.  A write after the end of the array would
occur before the condition was hit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13695

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-08-26 23:59:36 +00:00
Gary Lockyer
41aaeaf1fe ldb tests: Fix ldb_lmdb_size_test
Fix the lmdb size test which ensures that databases > 4GiB can be
written by the lmdb backend.  This test is not run as part of the normal
CI run as it exhausts the available disk on the test runners.

It was broken by changes to LDB allowing the lmdb map size to be
specified, and requiring GUID indexing by default.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-08-26 23:59:36 +00:00
Tim Beale
b6516dbd24 ldb: Free memory when repacking database
The msg for each database record is allocated on the module context, but
never freed. The module seems like it could be a long-running context (as
the database would normally get repacked by the samba executable).

Even if it's not a proper leak, it shouldn't hurt to cleanup the memory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Aug 20 04:57:10 UTC 2019 on sn-devel-184
2019-08-20 04:57:10 +00:00
Tim Beale
ee6537c29e ldb: Log the partition we're repacking
Firstly, with Samba AD this looks a little weird because we log the same
message 5 times (once for every partition). If we log that we're doing
this to records in different partitions, hopefully someone with a little
Samba knowledge can figure out what's going on.

Secondly, the info about what partitions are actually changing might be
useful. E.g. if we hit a fatal error repacking the 3rd partition, and
the transaction doesn't abort properly, then it would be useful to know
what partitions were repacked and which ones weren't.

There doesn't appear to be a useful name for the partition
(ldb_kv->kv_ops->name() doesn't seem any more intelligible to a user),
so just log the first record that we update. We can use that to infer
the partition database).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-08-20 03:40:29 +00:00
Tim Beale
5fee938842 ldb: Log pack format in user-friendly way
The "format 0x26011968" log confused me (and I'm a developer).
We can subtract the base offset from the pack format to get a more
user-friendly number, e.g. v0 (not actually used), v1, v2, etc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-08-20 03:40:29 +00:00
Tim Beale
38e3e7cd32 ldb: Change pack format defines to enum
The main reason is so that any future pack formats will continue
incrementing this number in a sequential fashion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-08-20 03:40:29 +00:00
Tim Beale
d427bd6c77 ldb: Move where we update the pack format version
Store it on the repack context so that we can log a more informative
message "Repacking from format x to format y".

While this is not really a big deal currently, it could be worth
recording for potential future scenarios (i.e. supporting three or more
pack versions), where upgrades could potentially skip an intermediary
pack format version.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-08-20 03:40:28 +00:00
Tim Beale
a2b0fc7c00 ldb: Always log when the database pack format changes
LDB_DEBUG_WARNING gets logged by Samba as level 2, whereas the default
log level for Samba is 0. It's not really fair to the user to change the
format of their database on disk and potentially not tell them.

This patch adds a log with level zero (using an alias define, as this
technically isn't a fatal problem).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-08-20 03:40:28 +00:00
Swen Schillig
99b4791cfe ldb: Fix mem-leak if talloc_realloc fails
In case of a failing talloc_realloc(), the only reference
to the originally allocated memory is overwritten.
Instead use a temp var until success is verified.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-08-10 19:24:29 +00:00
Douglas Bagnall
b136f153b8 ldb_dn: free dn components on explode failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2019-08-06 17:00:38 +00:00
Aaron Haslett
81186651ee ldb: skip indexes on full_search
Use iterate_range kv op to skip the index section of the database when
running a full search. Quick local testing showed 18% improved throughput
on a full search with no results on a 50k database. With more results,
improvement is smaller but still noticeable.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug  2 02:29:42 UTC 2019 on sn-devel-184
2019-08-02 02:29:42 +00:00
Douglas Bagnall
c80606274f ldb ABI bump for pyldb_Ldb_AsLdbContext change
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 10 05:48:52 UTC 2019 on sn-devel-184
2019-07-10 05:48:52 +00:00
Douglas Bagnall
fdb9a59069 pyldb: ldb.register_module() checks arguments a little bit
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-10 04:32:13 +00:00
Douglas Bagnall
192386ede6 pyldb: remove ldb.open, which was never survivable
There was no way to call ldb.open without evoking signal 11, so it is
unlikely anyone was using it.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-10 04:32:13 +00:00
Douglas Bagnall
1d6b472cdc pyldb: rename pyldb_Dn_AsDn() to pyldb_Dn_AS_DN()
Following the python/C convention for checking vs non-checking
convertors.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-10 04:32:13 +00:00
Douglas Bagnall
339f8bbdda pyldb: check for errors in PyLdb_GetPyType()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-10 04:32:13 +00:00
Douglas Bagnall
e075f52a75 pyldb: fork pyldb_Ldb_AsLdbContext macro to reflect unsafeness
In the Python/C API, conversion functions which check the types of their arguments
have names like:

double PyFloat_AsDouble(PyObject *pyfloat);

while conversion macros that don't check have names like:

PyFloat_AS_DOUBLE(pyfloat)

The pyldb_Ldb_AsLdbContext() macro looks like one of the checking functions
but it actually isn't. This has fooled us more than once. Here we fork
the macro into two -- one which performs checks and keeps the camel
case, and one with a shouty name that keeps the check-free behaviour.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-10 04:32:13 +00:00
Douglas Bagnall
f5e0339a0d pyldb: add pyldb_check_type()
This will be used by pyldb_Ldb_AsLdbContext().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-10 04:32:13 +00:00
Douglas Bagnall
19a13cbe06 ldb: do not allow adding a DN as a base to itself
If you try to add a dn to itself, it expands as it goes. The resulting
loop cannot end well.

It looks like this in Python:

    dn = ldb.Dn(ldb.Ldb(), 'CN=y,DC=x')
    dn.add_base(dn)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-10 04:32:13 +00:00
Gary Lockyer
86d480ade2 ldb: Release ldb 2.0.5
* add ldb_options_get
  add a function to get the options passed in ldb connect.

* add "batch_mode" option.
  This option stops sub transactions being started for key value
  operations.  It is intended to improve the performance in batch
  operations.  As it bypasses the protections on operations if an
  operation fails, the entire transaction will be aborted by a commit.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-04 10:02:23 +00:00
Gary Lockyer
6226ab3b61 ldb: Rework index_transaction_cache_size to allow caller to specify a larger size
The previous code would override the caller with the DB size
estimate rather than allowing the caller to force the bigger size.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-04 10:02:23 +00:00
Gary Lockyer
f87472c9e3 ldb ldb_key_value: test ldb batch
Test that the ldb "batch_mode" option sets batch mode operation.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-04 10:02:23 +00:00
Gary Lockyer
652258768a ldb key_value: Add batch_mode option
When performing a join the overhead of the sub transactions protecting
key value operations becomes significant.  This commit adds a new
"batch_mode" option that disables the sub transactions around key value
operations.

The operation level index cache is also disabled, which means the
overall transaction level index cache can become inconsistent if an
operation fails. To protect against this and other possible on disk
inconsistencies, if any operation fails during a batch_mode
transaction the commit will fail and transaction will be rolled back.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-04 10:02:23 +00:00
Gary Lockyer
32f2e390e4 ldb: Add new internal helper function ldb_options_get()
This is needed for modules to access the ldb->options array, as this is in ldb_private.h

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-04 10:02:23 +00:00
Andrew Bartlett
f583245706 ldb: Fix dependency on ldb_key_value_sub_txn_{mdb_}test
ldb_tdb can be a module, but the test is actually looking for ltdb_err_map() in
ldb_tdb_err_map.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-07-04 10:02:23 +00:00
Andrew Bartlett
e513bab961 ldb: Try to explain the confusing overload of the LDB_FLG_MOD_* enumeration and other flags
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jul  4 03:51:58 UTC 2019 on sn-devel-184
2019-07-04 03:51:58 +00:00
Andrew Bartlett
bc48b4b158 ldb: Add tests for Ldb.write_ldif() including the FLG_SHOW_BINARY and FLAG_FORCE_NO_BASE64_LDIF
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-07-04 02:07:21 +00:00
Andrew Bartlett
f8fbd9cfe1 pyldb: Apply flags specified by ldb.Ldb(flags=...) even if the URL is not set
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-07-04 02:07:21 +00:00
Björn Baumbach
894ddafc25 ldb/ldb_ldif: add LDB_FLAG_FORCE_NO_BASE64_LDIF flag
Flag is used to enforce binary encoded attribute values per attribute.

Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-04 02:07:20 +00:00
Björn Baumbach
89d95fb75c ldb/ldb_ldif: add copy_raw_bytes helper variable to ldb_ldif_write_trace()
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-04 02:07:20 +00:00
Gary Lockyer
bbc2000079 lib ldb ldb_mdb: Pass the lmdb map size as an ldb option
Allow the lmdb map size to be specified in the ldb option
"lmdb_env_size".

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-02 02:23:09 +00:00
Gary Lockyer
e46d5bb669 ldb: Release ldb 2.0.4
* copy the ldb_options passed to ldb_connect onto the ldb_context,
  making them more generally available.

* fix index buffering.
  As a performance enhancement the indexes are cached in memory during a
  transaction, and written to disk as part of the prepare commit. The
  indexes could become corrupt in the event of a failed operation.

* fix read beyond buffer
  Calling the "ldb_parse_tree" function with a filter consisting of
  exactly a single space (" ") would trigger a read beyond the input
  buffer.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13900

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-02 02:23:09 +00:00
Gary Lockyer
3b52ca59a2 lib ldb: save a copy of the options on the context
Copy the options supplied to ldb_connect, and place them on the
ldb_context. This allows backend options i.e. lmdb map size to be passed
cleanly from the callers.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-02 02:23:09 +00:00